[apparmor] Apparmor: Query on adding many capabilities in the custom header file

Christian Boltz apparmor at cboltz.de
Sat Apr 24 20:48:27 UTC 2021


Hello,

On Saturday, 24 April 2021, 15:46:22 CEST, Murali Selvaraj wrote:
> Can you please guide me to resolve the above query on the header file
> with enabling many capabilities in the header file?

a) /nvram2/apparmor_boot/caps/common

    # one rule listing every capability (ipc_owner is the valid name; there is no "pc_owner" capability)
    capability chown dac_override dac_read_search fowner fsetid kill ipc_lock sys_nice setpcap ipc_owner sys_ptrace sys_chroot,

or (same meaning, but more readable)

    capability chown,
    capability dac_override,
    capability dac_read_search,
    capability fowner,
    capability fsetid,
    capability kill,
    capability ipc_lock,
    capability sys_nice,
    capability setpcap,
    capability ipc_owner,
    capability sys_ptrace,
    capability sys_chroot,


b) /nvram2/apparmor_boot/usr.bin.test

    profile test /usr/bin/test flags=(attach_disconnected) {
        #include "/nvram2/apparmor_boot/caps/common"
        capability setuid,
        capability setgid,

        /sys/devices/system/cpu/online r,
        [... all your other rules ...]
    }

Note that you need to move the include inside the profile.


Regards,

Christian Boltz
-- 
>In the YaST2 system editor for the /etc/sysconfig files, enter ide-scsi
>under System-Kernel-MODULES_LOADED_ON_BOOT.
*JAUUUUUUUULLLLL* *ARRRGGHHHH*
Somebody hand me a clinic-sized annual supply of $PAINKILLER!!!
[> Heinz Dittmar and David Haller on suse-linux]
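A small lint script, added here as an example and not part of this thread or of the AppArmor project, that shows what the two points above amount to in practice: a shared capability file is only meaningful once it is included inside a profile block, and a misspelled capability name (the constructed include below deliberately uses `pc_owner`, which is not a Linux capability; the real name is `ipc_owner`) is an error apparmor_parser would reject. The file contents are embedded in-memory, the paths mirror the ones in the thread, and the script only handles quoted absolute `#include` paths and plain `capability` grant rules; `include <dir/file>` lookups and `deny`/`audit` prefixes are out of scope for it.

```python
"""Lint the capability rules of an AppArmor profile that #includes a shared
capability file.  Added example; not code from the mailing-list thread or from
AppArmor itself.  The file contents and paths below are constructed."""
import re

# Capability names apparmor_parser accepts (lower case, no CAP_ prefix), as
# defined in linux/capability.h for recent kernels.
VALID_CAPS = {
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
}

# Constructed in-memory "files"; a real run would read these from disk.
FILES = {
    # shared capability file; 'pc_owner' is a deliberate misspelling of ipc_owner
    "/nvram2/apparmor_boot/caps/common":
        "capability chown dac_override dac_read_search fowner fsetid kill "
        "ipc_lock sys_nice setpcap pc_owner sys_ptrace sys_chroot,\n",
    # correct layout: the include sits inside the profile block
    "/nvram2/apparmor_boot/usr.bin.test":
        'profile test /usr/bin/test flags=(attach_disconnected) {\n'
        '    #include "/nvram2/apparmor_boot/caps/common"\n'
        '    capability setuid,\n'
        '    capability setgid,\n'
        '\n'
        '    /sys/devices/system/cpu/online r,\n'
        '}\n',
    # wrong layout: the include is above the profile, so its rules are not in any profile
    "/nvram2/apparmor_boot/usr.bin.test.wrong":
        '#include "/nvram2/apparmor_boot/caps/common"\n'
        'profile test /usr/bin/test flags=(attach_disconnected) {\n'
        '    capability setuid,\n'
        '    capability setgid,\n'
        '}\n',
}

INCLUDE_RE = re.compile(r'^\s*#?include\s+"([^"]+)"')          # quoted path form only
CAP_RE = re.compile(r'^\s*capability\s*([a-z0-9_ ]*)\s*,')       # plain grant rules only
PROFILE_RE = re.compile(r'^\s*(?:profile\s+\S+|/\S+).*\{\s*$')   # 'profile x /bin/x {' or '/bin/x {'


def lint(path, files=FILES):
    """Return (caps, problems): the effective set of capabilities the profile
    grants, plus a list of human-readable problems found on the way."""
    caps, problems = set(), []
    depth = 0  # brace depth; 0 means we are outside any profile block

    def walk(p):
        nonlocal depth
        if p not in files:
            problems.append(f"{p}: include file not found")
            return
        for lineno, line in enumerate(files[p].splitlines(), 1):
            m = INCLUDE_RE.match(line)
            if m:
                walk(m.group(1))  # an included file inherits the current brace depth
                continue
            if PROFILE_RE.match(line):
                depth += 1
                continue
            if line.strip() == "}":
                depth -= 1
                continue
            m = CAP_RE.match(line)
            if not m:
                continue
            if depth == 0:
                problems.append(f"{p}:{lineno}: capability rule outside any profile block")
            names = m.group(1).split()
            if not names:  # a bare 'capability,' grants every capability
                problems.append(f"{p}:{lineno}: bare 'capability,' grants all capabilities")
                caps.update(VALID_CAPS)
                continue
            for name in names:
                if name in VALID_CAPS:
                    caps.add(name)
                else:
                    problems.append(f"{p}:{lineno}: unknown capability '{name}'")

    walk(path)
    return caps, problems


if __name__ == "__main__":
    for profile in ("/nvram2/apparmor_boot/usr.bin.test",
                    "/nvram2/apparmor_boot/usr.bin.test.wrong"):
        granted, found = lint(profile)
        print(profile, "grants:", " ".join(sorted(granted)))
        for issue in found:
            print("  problem:", issue)
```

Running it reports the unknown `pc_owner` name for both layouts, and for the `.wrong` layout additionally flags every capability in the shared file as sitting outside a profile block, which is the situation the note about moving the include inside the profile describes. The granted set is what an auditor wants to review: the union of the shared file and the profile's own rules, not just the lines visible in the profile.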

